diff --git a/.env.jinja b/.env.jinja
index 99f25f4..4c11fe6 100644
--- a/.env.jinja
+++ b/.env.jinja
@@ -22,6 +22,8 @@ DB_ROOT_PASSWORD="{{ db_root_password }}"
 DB_USE_TLS={{ db_use_tls | int }}
 {% if use_custom_certs -%}
 DB_CERTS=/certs/db-certs.crt
+{%- else -%}
+DB_CERTS=/etc/ssl/certs/ca-certificates.crt
 {%- endif %}
 SOURCE_SYSTEM_HOST=
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 11ac1c9..3465c06 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -47,7 +47,6 @@ jobs:
 version: "0.9.26"
 - name: Test template using copier-template-tester
 run: |
- docker container ps
 uv run --with copier --with copier-templates-extensions --with bcrypt --with copier-template-tester ctt
 - name: Show running containers
 run: |
diff --git a/compose.yaml.jinja b/compose.yaml.jinja
index 9a54336..3514c74 100644
--- a/compose.yaml.jinja
+++ b/compose.yaml.jinja
@@ -57,7 +57,7 @@ services:
 {% if db_host_type == "container" -%}
 depends_on:
 - db
- {%- elif db_host_type == "same_server" -%}
+ {%- elif db_host_type == "same_server" or is_test -%}
 extra_hosts:
 - "host.docker.internal:host-gateway"
 {%- endif %}
@@ -98,7 +98,7 @@ services:
 {% if db_host_type == "container" -%}
 depends_on:
 - db
- {%- elif db_host_type == "same_server" -%}
+ {%- elif db_host_type == "same_server" or is_test -%}
 extra_hosts:
 - "host.docker.internal:host-gateway"
 {%- endif %}
@@ -135,7 +135,7 @@ services:
 {% if db_host_type == "container" -%}
 depends_on:
 - db
- {%- elif db_host_type == "same_server" -%}
+ {%- elif db_host_type == "same_server" or is_test -%}
 extra_hosts:
 - "host.docker.internal:host-gateway"
 {%- endif %}
@@ -170,7 +170,7 @@ services:
 {% if db_host_type == "container" -%}
 depends_on:
 - db
- {%- elif db_host_type == "same_server" -%}
+ {%- elif db_host_type == "same_server" or is_test -%}
 extra_hosts:
 - "host.docker.internal:host-gateway"
 {%- endif %}
diff --git a/copier.yaml b/copier.yaml
index db2c1a8..b98b419 100644
--- a/copier.yaml
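Review bot: The new `else` branch hard-codes `/etc/ssl/certs/ca-certificates.crt`, which is the CA bundle location on Debian/Ubuntu and Alpine images but does not exist on RHEL/UBI-based images, so the fallback only works if the application image is one of the former. Assuming the application fails closed when `DB_CERTS` names a missing file, a wrong path shows up as every TLS database connection failing rather than as a verification bypass, which is the safer failure mode but still deserves to be recorded. A comment above the new line such as `# system CA bundle of the application image; path assumes a Debian/Ubuntu/Alpine base` would make the assumption visible to whoever changes the base image. The value is also rendered when `DB_USE_TLS=0`, where it is presumably ignored by the consumer.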
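Review bot: The `or is_test` condition and the `extra_hosts` block it guards are now repeated verbatim in four service blocks (the hunks at lines 57, 98, 135 and 170), so the next change to the test-only wiring has to be made four times. Since the file is already a Jinja template, the conditional and its two `extra_hosts` lines could live in one macro defined at the top of `compose.yaml.jinja` and be invoked from each service, e.g. `{{ db_dependency(db_host_type, is_test) }}`. Separately, `is_test` now gives every service a `host.docker.internal` mapping to the host gateway; if `is_test` is an ordinary copier answer rather than a variable only the test harness sets, a comment at the first occurrence should say it is not meant for real deployments. Each service definition starts and ends outside its hunk.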
+++ b/copier.yaml
@@ -162,7 +162,12 @@ db_use_adminer:
 use_custom_certs:
 type: bool
 help: Do you need to use a custom CA file to verify HTTPS and DB connections?
- default: false
+ default: |-
+ {% if certificate_type == 'file' or db_use_tls -%}
+ {{ UNSET }}
+ {%- else -%}
+ false
+ {%- endif %}
 when: "{{ certificate_type == 'file' or db_use_tls }}"
 use_ofelia:
@@ -257,6 +262,15 @@ _message_after_copy: |
 _tasks:
 # validation
+ - "echo Checking that the compose file has no warnings"
+ - command: |
+ if docker compose config --quiet 2>&1 | grep --quiet level=; then
+ echo compose config has errors or warnings
+ docker compose config --quiet 2>&1
+ exit 1
+ else
+ echo compose config has no errors or warnings
+ fi
 - "echo Checking that required files are provided"
 - command: |
 echo Firebase admin key missing at {{ extra_files + '/firebase-admin-key.json' }}
@@ -382,4 +396,5 @@ _exclude:
 - "zizmor.yml"
 # - "README.md"
 - extensions
+ - "{% if not is_test %}scripts/cleanup_db.sh{% endif %}"
 - "{% if not is_test %}tests{% endif %}"
diff --git a/ctt.toml b/ctt.toml
index 7dba317..10cceed 100644
--- a/ctt.toml
+++ b/ctt.toml
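Review bot: The new `default` block and the `when` line under it spell out the same condition (`certificate_type == 'file' or db_use_tls`) and must be kept in sync by hand, and what the block is for — no preselected answer whenever the question is actually shown, a silent `false` whenever it is skipped — is only recoverable by reading both together. A comment above `default:` such as `# No preselected answer when the question is shown (operator must decide); false when it is skipped` would make that intent explicit. If `UNSET` comes from the template extensions rather than from copier itself, naming its origin in the same comment keeps that dependency visible.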
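Review bot: The `if` in the new validation task keys only on whether `grep` finds `level=`, so a `docker compose config` run that fails outright with a message lacking a `level=` prefix makes `grep` exit non-zero, the `else` branch prints `compose config has no errors or warnings`, and the task exits 0. The output should be captured once, with compose's own exit status checked before the text is scanned; that also removes the second `docker compose config` invocation that exists only to print the warnings. `grep level=` can additionally match unrelated text such as an environment value containing `level=`, so once the real warning format is confirmed a tighter pattern like `level=warning` is worth considering.

```yaml
  - command: |
      if ! output="$(docker compose config --quiet 2>&1)"; then
        echo compose config failed
        echo "$output"
        exit 1
      fi
      if echo "$output" | grep --quiet level=; then
        echo compose config has warnings
        echo "$output"
        exit 1
      else
        echo compose config has no errors or warnings
      fi
```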
@@ -45,3 +45,22 @@ db_host_type = "same_server"
 db_port = 3307
 db_root_user = "root"
 db_root_password = "root-password"
+_extra_tasks = [
+ # need to clean up on existing DB server
+ "ENVIRONMENT='{{ environment }}' DB_ROOT_USER='{{ db_root_user }}' DB_ROOT_PASSWORD='{{ db_root_password }}' DB_HOST='{{ db_host }}' DB_PORT='{{ db_port }}' DB_USER='{{ db_user }}' DB_NAME=admin ./scripts/cleanup_db.sh",
+ "docker compose down",
+]
+
+# DB on a different server requires a db_host
+[output.".ctt/db_different_server"]
+db_host_type = "separate_server"
+# use the service container to pretend it is a separate server
+# very tricky to test in CI with a dedicated hostname
+db_host = "host.docker.internal"
+db_port = 3307
+db_root_user = "root"
+db_root_password = "root-password"
+# force no TLS during test, requires certificate otherwise
+# TODO: add test case with TLS enabled
+db_use_tls = 0
+use_custom_certs = false
diff --git a/scripts/cleanup_db.sh b/scripts/cleanup_db.sh
new file mode 100755
index 0000000..649fb5c
--- /dev/null
+++ b/scripts/cleanup_db.sh
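Review bot: The new `db_different_server` output points at the same MariaDB instance as the `same_server` case (`host.docker.internal:3307`, same root credentials) but defines no `_extra_tasks`, so the `OpalDB`/`QuestionnaireDB` databases and the application user it creates appear to be removed only if the `same_server` cleanup happens to run afterwards; copying the cleanup `_extra_tasks` into this section would make each case self-contained. The cleanup command also splices `{{ db_root_password }}` and the other answers into a shell string inside single quotes, which is harmless with these fixture literals but breaks the command (or worse) if any answer ever contains a quote, so a comment noting that these values must stay shell-safe literals is worthwhile. The `TODO` leaves the `DB_CERTS` fallback added in `.env.jinja` untested in both cases.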
@@ -0,0 +1,34 @@
+#!/bin/bash
+set -euo pipefail
+
+# renovate: datasource=docker depName=alpine
+ALPINE_VERSION="3.23.2"
+
+echo "Running container for mysql-client..."
+docker run --rm --interactive \
+ --env DB_ROOT_USER=${DB_ROOT_USER} \
+ --env DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD} \
+ --env DB_HOST=${DB_HOST} \
+ --env DB_USER=${DB_USER} \
+ --env DB_NAME=${DB_NAME} \
+ --network opal-${ENVIRONMENT} \
+ --add-host "host.docker.internal:host-gateway" \
+ alpine:${ALPINE_VERSION} sh -s << EOF
+set -euo pipefail
+apk add --no-cache mysql-client
+echo "Connecting to DB server on ${DB_HOST}:${DB_PORT}..."
+echo "Dropping databases..."
+MYSQL_PWD=${DB_ROOT_PASSWORD} mariadb --protocol tcp --skip-ssl --user ${DB_ROOT_USER} --host ${DB_HOST} --port ${DB_PORT} <<'EOIF'
+DROP DATABASE IF EXISTS \`$DB_NAME\`;
+DROP DATABASE IF EXISTS \`OpalDB\`;
+DROP DATABASE IF EXISTS \`QuestionnaireDB\`;
+EOIF
+echo "Successfully dropped databases"
+echo "Dropping DB user ${DB_USER}..."
+MYSQL_PWD=${DB_ROOT_PASSWORD} mariadb --protocol tcp --skip-ssl --user ${DB_ROOT_USER} --host ${DB_HOST} --port ${DB_PORT} <<'EOIF'
+DROP USER IF EXISTS '$DB_USER'@'%';
+FLUSH PRIVILEGES;
+EOIF
+echo "Successfully dropped DB user ${DB_USER}"
+EOF
+echo "Done!"
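Review bot: The root password reaches the helper container twice: once as `--env DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}` on the `docker run` command line, and once because the outer heredoc is unquoted (`<< EOF`) so the host shell expands every `${...}` and `$DB_NAME`/`$DB_USER` into the script text piped over stdin; the `--env` copy is the one that lands in the `docker run` argv (visible to other host users via `ps`) and in `docker inspect`, while the stdin copy does not. Since the host-side expansion is what actually supplies the values (`DB_PORT` is never passed with `--env` yet works), the five `--env` lines can simply be dropped, or the heredoc quoted as `<<'EOF'` and the values delivered through `--env-file` pointing at a temporary file with restrictive permissions. `--skip-ssl` sends the root password in clear text across the `opal-${ENVIRONMENT}` network, which is acceptable for a test-only script but should be stated in a comment next to the flag. Pinning `alpine:3.23.2` by tag rather than by `@sha256:` digest leaves the helper image mutable; Renovate tracking the tag softens but does not remove that.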